Sok Dymang
asked on
Assign permission to Domain user to be able to make change on local computer
I have one window user (Win10) that joined domain, so normally they will have no permission to make any changes on local computer, so i want to give permission on that domain user to be able only install any software on their computer but every strict permission keep as original, how to do that?
ASKER
i only want him to be able to install something on his computer @bbao
> want him to be able to install something on his computer
that's by default, if the user is a local admin, not a domain admin.
:)
that's by default, if the user is a local admin, not a domain admin.
:)
ASKER
That user is a domain user, and i want him to be able to make change on her computer.
as mentioned above, as long as you keep the user as a LOCAL administrator on top of a common domain user, she can do that.
As gentleman above said this will work, but keep in mind that if you want to install program as local admin, you need to login localy and not in domain.
You can change lines 1,2, 12.
And set it as a GPO starter script.
Set it as GPO.
User Configuration/Policies/Win dows Settings/Scripts/Logon/Tes t.vbs
And set it as a GPO starter script.
Set it as GPO.
User Configuration/Policies/Win
strUser = "test"
strPassword = "Pa$$w0rds"
Const ADS_SECURE_AUTHENTICATION = &H1
Const ADS_USE_ENCRYPTION = &H2
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
Set objNS = GetObject("WinNT:")
Set objUser = objNS.OpenDSObject("WinNT://<DOMAIN>/" & strUser & ",user", _
strUser, strPassword, ADS_SECURE_AUTHENTICATION Or ADS_USE_ENCRYPTION)
If Not objGroup.IsMember(objUser.ADsPath) Then
objGroup.Add(objUser.ADsPath)
' Wscript.Echo strUser & " added to local administrators."
End If
Please don't use the script above as anybody can via that cleartext password and it will make all users that this policy applies to, admins.
You do get applications that can install as a user if the vendors publish it properly, for example, ClickOnce applications
You do get applications that can install as a user if the vendors publish it properly, for example, ClickOnce applications
Pointing right back at the original comment here from bbao, you can make a domain user a local administrator on an individual PC. You just need to establish that right on the machine in question. It does not elevate their permissions elsewhere.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
what do you mean about this? do you actually mean to prevent a domain user from uninstalling existing or pre-installed software on his/her Windows 10 computer?